From: Michael Weber <xmw@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: eselect init
Date: Sat, 22 Jun 2013 13:13:31 +0200 [thread overview]
Message-ID: <51C586DB.9040005@gentoo.org> (raw)
In-Reply-To: <1371895644.30388.7.camel@localhost>
On 06/22/2013 12:07 PM, Pacho Ramos wrote:
> After talking with WilliamH yesterday, I have this opinion:
> - Playing with /sbin/init (instead of /sbin/einit) has two interesting
> advantages:
> 1. For example, I now have init=/sbin/e4rat-preload in my grub.conf, if
> I do a typo, it would fallback to /sbin/init. If /sbin/init is provided
> by sysvinit, people running other init providers could have problems.
> This wouldn't occur if /sbin/init has been changed to use desired init
> system.
> 2. Tools like e4rat or bootchart launch /sbin/init, if I switch to
> systemd, I would need to edit separate configuration files for each tool
> to point to new init. This wouldn't occur if we "play" with /sbin/init
> => we would only change init in one place
good point. maybe a ton other wrapper of that kind. shouldn't they read
/proc/cmdline for init=^H^H^H^H^Hreal_init= , but that takes time.
> - I have two doubts:
> 1. Why do we need a wrapper instead of changing symlinks?
And a plain symlink has the charm to either resolve (and load and most
likely execure the target) or dangles and kernel tries the next one.
No late, wrapper bailouts leaving the kernel in "You killed pid 1" panic.
=== kexec ===
speaking of panic. I've never actually used it, but newer kernels
support kexec and in conjunction with pre-loaded panic-images[1] and
corresponding (compiled-in) initramfs, it'd be possible to have an
recovery shell. for either /sbin/init mixups, or late runtime crashes.
These should have a the decency to respect the panic= timeout to allow
automated reboots or idle till to the end of days.
[sad enought, that kexec'd kernels don't pick up the process tables/heap
of their predecessors and enable real kernel-hotswitching]
=== more fallback ==
maybe we could ask Mr. Tovalds to ad another line in init/main.c, say
/sbin/init.fallback (but don't mention systemd) or we could abuse
/etc/init or /bin/init or /sbin/sh (with an wrapper to test for PID=1)
for an recovery-environment.
Fabio: did you mean that?
=== security ===
Bailing into /bin/sh or whatever can compromise filesystem
integrity/reveal root access to an uncrypted rootfs.
There is a scenario of vandalism-proof installed computer pools (no
physical access except keyboard/monitor) w/ unattended boot that should
not end up in root-shell. ;-) Maybe I should fix that on my systems ...
[1] sys-apps/kexec-tools http://kernel.org/pub/linux/utils/kernel/kexec/
--
Michael Weber
Gentoo Developer
web: https://xmw.de/
mailto: Michael Weber <xmw@gentoo.org>
next prev parent reply other threads:[~2013-06-22 11:13 UTC|newest]
Thread overview: 139+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-25 9:54 [gentoo-dev] eselect init Luca Barbato
2013-05-25 10:25 ` Peter Stuge
2013-05-25 11:57 ` Tom Wijsman
2013-05-26 1:52 ` Walter Dnes
2013-05-26 8:50 ` Tom Wijsman
2013-05-26 2:02 ` Peter Stuge
2013-05-26 8:56 ` Tom Wijsman
2013-05-25 19:08 ` Matthew Thode
2013-05-26 14:13 ` Ian Stakenvicius
2013-05-26 23:54 ` Luca Barbato
2013-05-25 11:13 ` Pacho Ramos
2013-05-25 12:03 ` Tom Wijsman
2013-05-25 12:25 ` Pacho Ramos
2013-05-25 15:42 ` Luca Barbato
2013-05-25 11:29 ` Sergei Trofimovich
2013-05-25 12:12 ` Tom Wijsman
2013-05-25 13:15 ` Luca Barbato
2013-05-25 17:35 ` Sergei Trofimovich
2013-05-25 19:49 ` Chí-Thanh Christopher Nguyễn
2013-05-25 12:13 ` hasufell
2013-05-25 15:51 ` Luca Barbato
2013-05-25 13:38 ` Tom Wijsman
2013-05-25 19:09 ` J. Roeleveld
2013-05-25 19:55 ` Tom Wijsman
2013-05-25 20:07 ` Alex Xu
2013-05-25 20:59 ` Tom Wijsman
2013-05-26 12:59 ` J. Roeleveld
2013-05-26 13:58 ` Tom Wijsman
2013-05-26 14:54 ` Ian Stakenvicius
2013-05-26 13:15 ` Michał Górny
2013-05-26 14:07 ` Tom Wijsman
2013-05-26 14:44 ` Rich Freeman
2013-05-26 6:43 ` Michał Górny
2013-05-26 8:58 ` Robert David
2013-05-26 9:20 ` Michał Górny
2013-05-26 9:32 ` Robert David
2013-05-26 9:45 ` Tom Wijsman
2013-05-26 10:09 ` Michał Górny
2013-05-26 11:45 ` Tom Wijsman
2013-05-26 12:01 ` Michał Górny
2013-05-26 9:21 ` Tom Wijsman
2013-05-26 10:01 ` Robert David
2013-05-26 10:11 ` Rich Freeman
2013-05-26 10:18 ` Chí-Thanh Christopher Nguyễn
2013-05-26 11:28 ` hasufell
2013-05-26 12:10 ` Tom Wijsman
2013-05-26 9:55 ` Luca Barbato
2013-05-26 10:39 ` Tom Wijsman
2013-05-26 10:57 ` Michał Górny
2013-05-26 11:40 ` Luca Barbato
2013-05-26 12:08 ` Michał Górny
2013-05-26 12:24 ` Luca Barbato
2013-05-26 14:58 ` Ian Stakenvicius
2013-05-27 10:36 ` [gentoo-dev] Switchup-mode and boottime selector? Was: " Duncan
2013-05-27 20:26 ` Alex Xu
2013-05-27 22:40 ` Walter Dnes
2013-05-28 9:56 ` [gentoo-dev] " Duncan
2013-05-28 11:56 ` Tom Wijsman
2013-05-29 0:36 ` Duncan
2013-05-29 8:52 ` Tom Wijsman
2013-05-29 18:15 ` Walter Dnes
2013-05-29 19:56 ` Tom Wijsman
2013-05-29 20:55 ` William Hubbs
2013-05-30 0:06 ` Tom Wijsman
2013-05-30 0:22 ` William Hubbs
2013-05-30 1:36 ` Duncan
2013-05-30 6:35 ` Tom Wijsman
2013-05-30 20:41 ` William Hubbs
2013-05-30 6:46 ` Ciaran McCreesh
2013-05-30 13:54 ` Ian Stakenvicius
2013-05-31 6:21 ` Ciaran McCreesh
2013-05-30 6:30 ` Luca Barbato
2013-06-22 19:35 ` Markos Chandras
2013-05-30 2:52 ` Walter Dnes
2013-05-30 6:19 ` Tom Wijsman
2013-05-30 6:36 ` Dale
2013-05-30 6:31 ` Ciaran McCreesh
2013-05-28 3:55 ` [gentoo-dev] " Luca Barbato
2013-05-28 4:19 ` Michał Górny
2013-05-28 4:43 ` Luca Barbato
2013-05-28 12:15 ` Ian Stakenvicius
2013-05-28 12:15 ` Ian Stakenvicius
2013-05-26 11:58 ` Tom Wijsman
2013-05-26 14:52 ` Luca Barbato
2013-05-26 15:39 ` Tom Wijsman
2013-05-26 16:41 ` William Hubbs
2013-05-26 16:48 ` William Hubbs
2013-05-26 16:55 ` Michał Górny
2013-05-26 22:58 ` William Hubbs
2013-05-26 23:47 ` Luca Barbato
2013-05-27 23:45 ` [gentoo-dev] Separate boot/root already [WAS: eselect init] Walter Dnes
2013-05-28 15:07 ` Luca Barbato
2013-06-01 9:23 ` [gentoo-dev] Re: eselect init Steven J. Long
2013-06-01 11:43 ` Steven J. Long
2013-06-02 9:15 ` Luca Barbato
2013-06-02 18:20 ` [gentoo-dev] " Steven J. Long
2013-06-02 18:48 ` Fabio Erculiani
2013-06-08 13:37 ` [gentoo-dev] " Steven J. Long
2013-06-02 22:35 ` [gentoo-dev] " Luca Barbato
2013-06-03 0:37 ` Walter Dnes
2013-06-03 0:57 ` Rich Freeman
2013-06-03 7:03 ` Tom Wijsman
2013-06-03 9:42 ` Luca Barbato
2013-06-03 6:19 ` [gentoo-dev] " Duncan
2013-06-03 6:26 ` [gentoo-dev] " Pacho Ramos
2013-06-04 18:55 ` William Hubbs
2013-06-04 19:09 ` Rich Freeman
2013-06-08 13:28 ` [gentoo-dev] " Steven J. Long
2013-06-20 10:16 ` [gentoo-dev] " Fabio Erculiani
2013-06-20 17:10 ` [gentoo-dev] " Steven J. Long
2013-06-20 20:48 ` William Hubbs
2013-06-25 4:53 ` [gentoo-dev] " Steven J. Long
2013-06-20 20:56 ` [gentoo-dev] " William Hubbs
2013-06-21 2:39 ` Michał Górny
2013-06-21 4:16 ` William Hubbs
2013-06-21 10:23 ` Michał Górny
2013-06-21 15:16 ` William Hubbs
2013-06-21 15:23 ` Fabio Erculiani
2013-06-21 16:42 ` William Hubbs
2013-06-22 11:23 ` Jason A. Donenfeld
2013-06-22 11:57 ` hasufell
2013-06-21 19:34 ` Luca Barbato
2013-06-22 1:27 ` Ulrich Mueller
2013-06-22 1:48 ` Michael Weber
2013-06-21 15:29 ` Michał Górny
2013-06-21 16:13 ` Markos Chandras
2013-06-21 16:50 ` William Hubbs
2013-06-21 19:36 ` Luca Barbato
2013-06-21 10:30 ` Michael Weber
2013-06-21 11:19 ` Fabio Erculiani
2013-06-21 11:26 ` Pacho Ramos
2013-06-21 11:50 ` Luca Barbato
2013-06-21 14:36 ` William Hubbs
2013-06-21 15:48 ` Pacho Ramos
2013-06-22 6:59 ` [gentoo-dev] " Duncan
2013-06-22 10:07 ` Pacho Ramos
2013-06-22 11:13 ` Michael Weber [this message]
2013-06-22 11:26 ` Rich Freeman
2013-06-22 17:05 ` Luca Barbato
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51C586DB.9040005@gentoo.org \
--to=xmw@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox